On Tue, May 14, 2002 at 06:52:33PM +0200, Renaud Deraison wrote:
> On Tue, May 14, 2002 at 10:58:21AM -0500, Russ Foster wrote:
> > Can anyone offer an avenue of direction on what I should look into next? Or
> > how to go about determining where, exactly, this port is being blocked?
> 
> Use firewalk. Or you can even use this stupid NASL script, which should
> tell you at which hop the packet was blocked (be sure to allow icmp
> unreachable messages inbound).
> 
> Usage :
> 
> nasl -t ip.of.the.remote.host fwalk.nasl

And the script I sent was wrong (duh) - it would send packets to port
23, not 1241. 

Corrected version is attached.

#
# The script code starts here
#

# Loop state for the TTL walk below. `finished` is never set to a non-zero
# value in this script; every exit from the loop goes through exit(0).
finished = 0;
ttl = 1;
# One random IP id is chosen here and reused for every probe.
ip_id = rand();
# this_host() is the address of the machine running the script,
# get_host_ip() the target given with `nasl -t`.
src = this_host();
dst = get_host_ip();
# NOTE(review): `error` is not read anywhere in the visible script.
error = 0;

# Build a pcap filter for the ICMP errors caused by our probes.
# The target address is split into its four octets with strstr() and NASL
# string subtraction: str_ip - z strips the tail that starts at the first
# ".", leaving the first octet.
str_ip = string(dst);
z = strstr(str_ip, ".");

# Match ICMP type 3 (destination unreachable) or type 11 (time exceeded).
# icmp[24]..icmp[27] sit behind the 8-byte ICMP header at offset 16 of the
# quoted IP header, i.e. the destination address of the packet that
# triggered the error; each byte is compared with one octet of the target.
# NOTE(review): only the quoted destination address is checked, not the
# quoted ports or IP id, so an ICMP error caused by unrelated traffic to the
# same target during the capture window would match as well.
filter = string("icmp and ((icmp[0]==3) or (icmp[0]==11)) ",
                "and (icmp[24]==", str_ip-z,") ");
                
# Overwrite the leading "." with a space so that the next subtraction yields
# " <octet>"; the extra space ends up inside the filter expression.
z[0]=" ";
t = strstr(z, ".");
filter = filter + string("and (icmp[25]==",z-t,") ");
t[0]=" ";
z = strstr(t, ".");
filter = filter + string("and (icmp[26]==", t-z, ") ");
z[0]=" ";
filter = filter + string("and (icmp[27]==", z, ")");


icmpfilter = filter;

# we'll send packets to port 1241, with sport 10123
# NOTE(review): the source port is fixed, so every probe uses the same port
# pair and a late reply to an earlier probe looks like a reply to the
# current one.

sport = 10123;
dport = 1241;

# TCP replies come back from the probed port to our source port.
tcpfilter = string("tcp and src port ", dport, " and dst port ", sport);

# Final capture filter: traffic addressed to us that is either such a TCP
# reply or one of the ICMP errors described above.
filter = string("dst host ", src, " and ((", tcpfilter, ") or (", icmpfilter, "))");


# NOTE(review): `d` and `prev` are not read anywhere in the visible script.
d = get_host_ip();
prev = string("");

#
# the traceroute itself
#

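# Send one TCP SYN per TTL value, starting at the current `ttl`, and report
# where the probe stops being answered.
#
# Outcomes per hop:
#  - no reply after 5 attempts    -> reported as blocked at this hop
#  - TCP reply with ACK set       -> reported as arrived
#  - ICMP destination unreachable -> reported as rejected at this hop
#  - anything else (ICMP time exceeded in practice) -> try the next TTL
#
# Caveats for whoever reads the output:
#  - Silence is only an inference. A hop that does not emit ICMP time
#    exceeded, or ICMP being filtered on the way back to this host, produces
#    the same "blocked" message.
#  - TH_ACK is set in SYN|ACK and in RST|ACK alike, so "arrived safely" means
#    something answered on TCP from that port pair; it does not show that
#    the service is open, and a filtering device may answer with a reset on
#    behalf of the target.
#  - th_seq, the source port and ip_id are the same for every probe, so a
#    reply cannot be tied to the probe that caused it.
while(!finished)
{
 display("Hop #", ttl, "\n");
 # NOTE(review): no ip_dst is passed; presumably NASL fills in the target
 # host selected with -t. Confirm against the NASL version in use.
 ip = forge_ip_packet(ip_v : 4, ip_hl:5, ip_tos:0, ip_id:ip_id,
                      ip_len:20, ip_off:0, ip_p:IPPROTO_TCP,
                      ip_src:src, ip_ttl:ttl);

 tcp = forge_tcp_packet(ip:ip,
                        th_sport: sport,
                        th_dport: dport,
                        th_flags:TH_SYN,
                        th_seq: 3984,
                        th_ack: 0,
                        th_x2: 0,
                        th_off: 5,
                        th_win: 8192,
                        th_urp: 0);

 # Up to five attempts per hop, each waiting one second for a packet that
 # matches the capture filter.
 rep = 0;
 for(i=0;((i<5) && (!rep));i=i+1)
 {
  rep = send_packet(tcp, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);
 }

 if(!rep){
        display("Packet seems to have been blocked ", ttl, " hops away\n");
        exit(0);
        }
 else
 {
  proto = get_ip_element(ip:rep, element:"ip_p");
  if(proto == IPPROTO_TCP){
        flag = get_tcp_element(tcp:rep, element:"th_flags");
        if(flag & TH_ACK){
                display("Packet arrived safely\n");
                exit(0);
                }
        }

  # The capture filter also lets ICMP type 3 through. Without this check an
  # unreachable message was handled like a time exceeded: the TTL kept
  # growing, the same device kept answering, and the run ended at the
  # 50-hop limit without naming the hop that rejected the packet.
  if(proto == IPPROTO_ICMP){
        itype = get_icmp_element(icmp:rep, element:"icmp_type");
        if(itype == 3){
                display("Packet was rejected (ICMP unreachable) ", ttl, " hops away\n");
                exit(0);
                }
        }

  ttl = ttl+1;
 }

 # Safety stop so the walk cannot run forever.
 if(ttl > 50)
 {
  display("Uh-ho\n");
  exit(0);
 }
}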
